To be able to use Google for authentication, you first need to register with them.
This is done at their developer console.
Create a new project, enable the Google+ API and configure the callback address of your
local IdentityServer by adding the /signin-google path to your base-address (e.g. http://localhost:5000/signin-google).

If you are running on port 5000 - you can simply use the client id/secret from the code snippet
below, since this is pre-registered by us.

Start by adding the Google authentication handler to DI.
This is done by adding this snippet to ConfigureServices in Startup:

By default, IdentityServer configures a cookie handler specifically for the results of external authentication (with the scheme based on the constant IdentityServerConstants.ExternalCookieAuthenticationScheme).
The configuration for the Google handler is then using that cookie handler.
For a better understanding of how this is done, see the AccountController class under the Quickstart folder.

Now run the MVC client and try to authenticate - you will see a Google button on the login page:

After authentication, you can see that the claims are now being sourced from Google data.

And now a user should be able to use the cloud-hosted demo identity provider.

Note

The quickstart UI auto-provisions external users. As an external user logs in for the first time, a new local user is created, and all the external claims are copied over and associated with the new user. The way you deal with such a situation is completely up to you though. Maybe you want to show some sort of registration UI first. The source code for the default quickstart can be found here. The controller where auto-provisioning is executed can be found here.